00001
00002
00003
00004
00005
00006
00007
00008
00009
00010
00011
00012
00013
00014
00015
00016
00017
00018
00019
00020
00021
00022
00023
00024
00025
00026
00027
00028
00029
00030
00031
00032
00033
00034
00035 #include "polarssl/config.h"
00036
00037 #if defined(POLARSSL_X509_PARSE_C)
00038
00039 #include "polarssl/x509.h"
00040 #include "polarssl/base64.h"
00041 #include "polarssl/des.h"
00042 #include "polarssl/md2.h"
00043 #include "polarssl/md4.h"
00044 #include "polarssl/md5.h"
00045 #include "polarssl/sha1.h"
00046 #include "polarssl/sha2.h"
00047 #include "polarssl/sha4.h"
00048
00049 #include <string.h>
00050 #include <stdlib.h>
00051 #include <stdio.h>
00052 #include <time.h>
00053
00054
00055
00056
00057 static int asn1_get_len( unsigned char **p,
00058 unsigned char *end,
00059 int *len )
00060 {
00061 if( ( end - *p ) < 1 )
00062 return( POLARSSL_ERR_ASN1_OUT_OF_DATA );
00063
00064 if( ( **p & 0x80 ) == 0 )
00065 *len = *(*p)++;
00066 else
00067 {
00068 switch( **p & 0x7F )
00069 {
00070 case 1:
00071 if( ( end - *p ) < 2 )
00072 return( POLARSSL_ERR_ASN1_OUT_OF_DATA );
00073
00074 *len = (*p)[1];
00075 (*p) += 2;
00076 break;
00077
00078 case 2:
00079 if( ( end - *p ) < 3 )
00080 return( POLARSSL_ERR_ASN1_OUT_OF_DATA );
00081
00082 *len = ( (*p)[1] << 8 ) | (*p)[2];
00083 (*p) += 3;
00084 break;
00085
00086 default:
00087 return( POLARSSL_ERR_ASN1_INVALID_LENGTH );
00088 break;
00089 }
00090 }
00091
00092 if( *len > (int) ( end - *p ) )
00093 return( POLARSSL_ERR_ASN1_OUT_OF_DATA );
00094
00095 return( 0 );
00096 }
00097
00098 static int asn1_get_tag( unsigned char **p,
00099 unsigned char *end,
00100 int *len, int tag )
00101 {
00102 if( ( end - *p ) < 1 )
00103 return( POLARSSL_ERR_ASN1_OUT_OF_DATA );
00104
00105 if( **p != tag )
00106 return( POLARSSL_ERR_ASN1_UNEXPECTED_TAG );
00107
00108 (*p)++;
00109
00110 return( asn1_get_len( p, end, len ) );
00111 }
00112
00113 static int asn1_get_bool( unsigned char **p,
00114 unsigned char *end,
00115 int *val )
00116 {
00117 int ret, len;
00118
00119 if( ( ret = asn1_get_tag( p, end, &len, ASN1_BOOLEAN ) ) != 0 )
00120 return( ret );
00121
00122 if( len != 1 )
00123 return( POLARSSL_ERR_ASN1_INVALID_LENGTH );
00124
00125 *val = ( **p != 0 ) ? 1 : 0;
00126 (*p)++;
00127
00128 return( 0 );
00129 }
00130
00131 static int asn1_get_int( unsigned char **p,
00132 unsigned char *end,
00133 int *val )
00134 {
00135 int ret, len;
00136
00137 if( ( ret = asn1_get_tag( p, end, &len, ASN1_INTEGER ) ) != 0 )
00138 return( ret );
00139
00140 if( len > (int) sizeof( int ) || ( **p & 0x80 ) != 0 )
00141 return( POLARSSL_ERR_ASN1_INVALID_LENGTH );
00142
00143 *val = 0;
00144
00145 while( len-- > 0 )
00146 {
00147 *val = ( *val << 8 ) | **p;
00148 (*p)++;
00149 }
00150
00151 return( 0 );
00152 }
00153
00154 static int asn1_get_mpi( unsigned char **p,
00155 unsigned char *end,
00156 mpi *X )
00157 {
00158 int ret, len;
00159
00160 if( ( ret = asn1_get_tag( p, end, &len, ASN1_INTEGER ) ) != 0 )
00161 return( ret );
00162
00163 ret = mpi_read_binary( X, *p, len );
00164
00165 *p += len;
00166
00167 return( ret );
00168 }
00169
00170
00171
00172
00173 static int x509_get_version( unsigned char **p,
00174 unsigned char *end,
00175 int *ver )
00176 {
00177 int ret, len;
00178
00179 if( ( ret = asn1_get_tag( p, end, &len,
00180 ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTED | 0 ) ) != 0 )
00181 {
00182 if( ret == POLARSSL_ERR_ASN1_UNEXPECTED_TAG )
00183 return( *ver = 0 );
00184
00185 return( ret );
00186 }
00187
00188 end = *p + len;
00189
00190 if( ( ret = asn1_get_int( p, end, ver ) ) != 0 )
00191 return( POLARSSL_ERR_X509_CERT_INVALID_VERSION | ret );
00192
00193 if( *p != end )
00194 return( POLARSSL_ERR_X509_CERT_INVALID_VERSION |
00195 POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
00196
00197 return( 0 );
00198 }
00199
00200
00201
00202
00203 static int x509_get_serial( unsigned char **p,
00204 unsigned char *end,
00205 x509_buf *serial )
00206 {
00207 int ret;
00208
00209 if( ( end - *p ) < 1 )
00210 return( POLARSSL_ERR_X509_CERT_INVALID_SERIAL |
00211 POLARSSL_ERR_ASN1_OUT_OF_DATA );
00212
00213 if( **p != ( ASN1_CONTEXT_SPECIFIC | ASN1_PRIMITIVE | 2 ) &&
00214 **p != ASN1_INTEGER )
00215 return( POLARSSL_ERR_X509_CERT_INVALID_SERIAL |
00216 POLARSSL_ERR_ASN1_UNEXPECTED_TAG );
00217
00218 serial->tag = *(*p)++;
00219
00220 if( ( ret = asn1_get_len( p, end, &serial->len ) ) != 0 )
00221 return( POLARSSL_ERR_X509_CERT_INVALID_SERIAL | ret );
00222
00223 serial->p = *p;
00224 *p += serial->len;
00225
00226 return( 0 );
00227 }
00228
00229
00230
00231
00232
00233
00234 static int x509_get_alg( unsigned char **p,
00235 unsigned char *end,
00236 x509_buf *alg )
00237 {
00238 int ret, len;
00239
00240 if( ( ret = asn1_get_tag( p, end, &len,
00241 ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
00242 return( POLARSSL_ERR_X509_CERT_INVALID_ALG | ret );
00243
00244 end = *p + len;
00245 alg->tag = **p;
00246
00247 if( ( ret = asn1_get_tag( p, end, &alg->len, ASN1_OID ) ) != 0 )
00248 return( POLARSSL_ERR_X509_CERT_INVALID_ALG | ret );
00249
00250 alg->p = *p;
00251 *p += alg->len;
00252
00253 if( *p == end )
00254 return( 0 );
00255
00256
00257
00258
00259 if( ( ret = asn1_get_tag( p, end, &len, ASN1_NULL ) ) != 0 )
00260 return( POLARSSL_ERR_X509_CERT_INVALID_ALG | ret );
00261
00262 if( *p != end )
00263 return( POLARSSL_ERR_X509_CERT_INVALID_ALG |
00264 POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
00265
00266 return( 0 );
00267 }
00268
00269
00270
00271
00272
00273
00274
00275
00276
00277
00278
00279
00280
00281 static int x509_get_name( unsigned char **p,
00282 unsigned char *end,
00283 x509_name *cur )
00284 {
00285 int ret, len;
00286 unsigned char *end2;
00287 x509_buf *oid;
00288 x509_buf *val;
00289
00290 if( ( ret = asn1_get_tag( p, end, &len,
00291 ASN1_CONSTRUCTED | ASN1_SET ) ) != 0 )
00292 return( POLARSSL_ERR_X509_CERT_INVALID_NAME | ret );
00293
00294 end2 = end;
00295 end = *p + len;
00296
00297 if( ( ret = asn1_get_tag( p, end, &len,
00298 ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
00299 return( POLARSSL_ERR_X509_CERT_INVALID_NAME | ret );
00300
00301 if( *p + len != end )
00302 return( POLARSSL_ERR_X509_CERT_INVALID_NAME |
00303 POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
00304
00305 oid = &cur->oid;
00306 oid->tag = **p;
00307
00308 if( ( ret = asn1_get_tag( p, end, &oid->len, ASN1_OID ) ) != 0 )
00309 return( POLARSSL_ERR_X509_CERT_INVALID_NAME | ret );
00310
00311 oid->p = *p;
00312 *p += oid->len;
00313
00314 if( ( end - *p ) < 1 )
00315 return( POLARSSL_ERR_X509_CERT_INVALID_NAME |
00316 POLARSSL_ERR_ASN1_OUT_OF_DATA );
00317
00318 if( **p != ASN1_BMP_STRING && **p != ASN1_UTF8_STRING &&
00319 **p != ASN1_T61_STRING && **p != ASN1_PRINTABLE_STRING &&
00320 **p != ASN1_IA5_STRING && **p != ASN1_UNIVERSAL_STRING )
00321 return( POLARSSL_ERR_X509_CERT_INVALID_NAME |
00322 POLARSSL_ERR_ASN1_UNEXPECTED_TAG );
00323
00324 val = &cur->val;
00325 val->tag = *(*p)++;
00326
00327 if( ( ret = asn1_get_len( p, end, &val->len ) ) != 0 )
00328 return( POLARSSL_ERR_X509_CERT_INVALID_NAME | ret );
00329
00330 val->p = *p;
00331 *p += val->len;
00332
00333 cur->next = NULL;
00334
00335 if( *p != end )
00336 return( POLARSSL_ERR_X509_CERT_INVALID_NAME |
00337 POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
00338
00339
00340
00341
00342 if( *p == end2 )
00343 return( 0 );
00344
00345 cur->next = (x509_name *) malloc(
00346 sizeof( x509_name ) );
00347
00348 if( cur->next == NULL )
00349 return( 1 );
00350
00351 return( x509_get_name( p, end2, cur->next ) );
00352 }
00353
00354
00355
00356
00357
00358
00359 static int x509_get_UTCTime( unsigned char **p,
00360 unsigned char *end,
00361 x509_time *time )
00362 {
00363 int ret, len;
00364 char date[64];
00365
00366 if( ( ret = asn1_get_tag( p, end, &len, ASN1_UTC_TIME ) ) != 0 )
00367 return( POLARSSL_ERR_X509_CERT_INVALID_DATE | ret );
00368
00369 memset( date, 0, sizeof( date ) );
00370 memcpy( date, *p, ( len < (int) sizeof( date ) - 1 ) ?
00371 len : (int) sizeof( date ) - 1 );
00372
00373 if( sscanf( date, "%2d%2d%2d%2d%2d%2d",
00374 &time->year, &time->mon, &time->day,
00375 &time->hour, &time->min, &time->sec ) < 5 )
00376 return( POLARSSL_ERR_X509_CERT_INVALID_DATE );
00377
00378 time->year += 100 * ( time->year < 90 );
00379 time->year += 1900;
00380
00381 *p += len;
00382
00383 return( 0 );
00384 }
00385
00386
00387
00388
00389
00390
00391
00392 static int x509_get_dates( unsigned char **p,
00393 unsigned char *end,
00394 x509_time *from,
00395 x509_time *to )
00396 {
00397 int ret, len;
00398
00399 if( ( ret = asn1_get_tag( p, end, &len,
00400 ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
00401 return( POLARSSL_ERR_X509_CERT_INVALID_DATE | ret );
00402
00403 end = *p + len;
00404
00405
00406
00407
00408 if( ( ret = x509_get_UTCTime( p, end, from ) ) != 0 )
00409 return( ret );
00410
00411 if( ( ret = x509_get_UTCTime( p, end, to ) ) != 0 )
00412 return( ret );
00413
00414 if( *p != end )
00415 return( POLARSSL_ERR_X509_CERT_INVALID_DATE |
00416 POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
00417
00418 return( 0 );
00419 }
00420
00421
00422
00423
00424
00425
00426 static int x509_get_pubkey( unsigned char **p,
00427 unsigned char *end,
00428 x509_buf *pk_alg_oid,
00429 mpi *N, mpi *E )
00430 {
00431 int ret, len;
00432 unsigned char *end2;
00433
00434 if( ( ret = x509_get_alg( p, end, pk_alg_oid ) ) != 0 )
00435 return( ret );
00436
00437
00438
00439
00440 if( pk_alg_oid->len != 9 ||
00441 memcmp( pk_alg_oid->p, OID_PKCS1_RSA, 9 ) != 0 )
00442 return( POLARSSL_ERR_X509_CERT_UNKNOWN_PK_ALG );
00443
00444 if( ( ret = asn1_get_tag( p, end, &len, ASN1_BIT_STRING ) ) != 0 )
00445 return( POLARSSL_ERR_X509_CERT_INVALID_PUBKEY | ret );
00446
00447 if( ( end - *p ) < 1 )
00448 return( POLARSSL_ERR_X509_CERT_INVALID_PUBKEY |
00449 POLARSSL_ERR_ASN1_OUT_OF_DATA );
00450
00451 end2 = *p + len;
00452
00453 if( *(*p)++ != 0 )
00454 return( POLARSSL_ERR_X509_CERT_INVALID_PUBKEY );
00455
00456
00457
00458
00459
00460
00461
00462 if( ( ret = asn1_get_tag( p, end2, &len,
00463 ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
00464 return( POLARSSL_ERR_X509_CERT_INVALID_PUBKEY | ret );
00465
00466 if( *p + len != end2 )
00467 return( POLARSSL_ERR_X509_CERT_INVALID_PUBKEY |
00468 POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
00469
00470 if( ( ret = asn1_get_mpi( p, end2, N ) ) != 0 ||
00471 ( ret = asn1_get_mpi( p, end2, E ) ) != 0 )
00472 return( POLARSSL_ERR_X509_CERT_INVALID_PUBKEY | ret );
00473
00474 if( *p != end )
00475 return( POLARSSL_ERR_X509_CERT_INVALID_PUBKEY |
00476 POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
00477
00478 return( 0 );
00479 }
00480
00481 static int x509_get_sig( unsigned char **p,
00482 unsigned char *end,
00483 x509_buf *sig )
00484 {
00485 int ret, len;
00486
00487 sig->tag = **p;
00488
00489 if( ( ret = asn1_get_tag( p, end, &len, ASN1_BIT_STRING ) ) != 0 )
00490 return( POLARSSL_ERR_X509_CERT_INVALID_SIGNATURE | ret );
00491
00492 if( --len < 1 || *(*p)++ != 0 )
00493 return( POLARSSL_ERR_X509_CERT_INVALID_SIGNATURE );
00494
00495 sig->len = len;
00496 sig->p = *p;
00497
00498 *p += len;
00499
00500 return( 0 );
00501 }
00502
00503
00504
00505
00506 static int x509_get_uid( unsigned char **p,
00507 unsigned char *end,
00508 x509_buf *uid, int n )
00509 {
00510 int ret;
00511
00512 if( *p == end )
00513 return( 0 );
00514
00515 uid->tag = **p;
00516
00517 if( ( ret = asn1_get_tag( p, end, &uid->len,
00518 ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTED | n ) ) != 0 )
00519 {
00520 if( ret == POLARSSL_ERR_ASN1_UNEXPECTED_TAG )
00521 return( 0 );
00522
00523 return( ret );
00524 }
00525
00526 uid->p = *p;
00527 *p += uid->len;
00528
00529 return( 0 );
00530 }
00531
00532
00533
00534
00535
00536 static int x509_get_ext( unsigned char **p,
00537 unsigned char *end,
00538 x509_buf *ext )
00539 {
00540 int ret, len;
00541
00542 if( *p == end )
00543 return( 0 );
00544
00545 ext->tag = **p;
00546
00547 if( ( ret = asn1_get_tag( p, end, &ext->len,
00548 ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTED | 3 ) ) != 0 )
00549 return( ret );
00550
00551 ext->p = *p;
00552 end = *p + ext->len;
00553
00554
00555
00556
00557
00558
00559
00560
00561
00562 if( ( ret = asn1_get_tag( p, end, &len,
00563 ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
00564 return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS | ret );
00565
00566 if( end != *p + len )
00567 return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS |
00568 POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
00569
00570 return( 0 );
00571 }
00572
00573
00574
00575
00576 static int x509_get_crl_ext( unsigned char **p,
00577 unsigned char *end,
00578 x509_buf *ext )
00579 {
00580 int ret, len;
00581
00582 if( ( ret = x509_get_ext( p, end, ext ) ) != 0 )
00583 {
00584 if( ret == POLARSSL_ERR_ASN1_UNEXPECTED_TAG )
00585 return( 0 );
00586
00587 return( ret );
00588 }
00589
00590 while( *p < end )
00591 {
00592 if( ( ret = asn1_get_tag( p, end, &len,
00593 ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
00594 return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS | ret );
00595
00596 *p += len;
00597 }
00598
00599 if( *p != end )
00600 return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS |
00601 POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
00602
00603 return( 0 );
00604 }
00605
00606
00607
00608
00609 static int x509_get_crt_ext( unsigned char **p,
00610 unsigned char *end,
00611 x509_buf *ext,
00612 int *ca_istrue,
00613 int *max_pathlen )
00614 {
00615 int ret, len;
00616 int is_critical = 1;
00617 int is_cacert = 0;
00618 unsigned char *end_ext_data, *end_ext_octet;
00619
00620 if( ( ret = x509_get_ext( p, end, ext ) ) != 0 )
00621 {
00622 if( ret == POLARSSL_ERR_ASN1_UNEXPECTED_TAG )
00623 return( 0 );
00624
00625 return( ret );
00626 }
00627
00628 while( *p < end )
00629 {
00630 if( ( ret = asn1_get_tag( p, end, &len,
00631 ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
00632 return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS | ret );
00633
00634 end_ext_data = *p + len;
00635
00636 if( memcmp( *p, "\x06\x03\x55\x1D\x13", 5 ) != 0 )
00637 {
00638 *p += len;
00639 continue;
00640 }
00641
00642 *p += 5;
00643
00644 if( ( ret = asn1_get_bool( p, end_ext_data, &is_critical ) ) != 0 &&
00645 ( ret != POLARSSL_ERR_ASN1_UNEXPECTED_TAG ) )
00646 return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS | ret );
00647
00648 if( ( ret = asn1_get_tag( p, end_ext_data, &len,
00649 ASN1_OCTET_STRING ) ) != 0 )
00650 return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS | ret );
00651
00652
00653
00654
00655
00656
00657 end_ext_octet = *p + len;
00658
00659 if( end_ext_octet != end_ext_data )
00660 return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS |
00661 POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
00662
00663 if( ( ret = asn1_get_tag( p, end_ext_octet, &len,
00664 ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
00665 return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS | ret );
00666
00667 if( *p == end_ext_octet )
00668 continue;
00669
00670 if( ( ret = asn1_get_bool( p, end_ext_octet, &is_cacert ) ) != 0 )
00671 {
00672 if( ret == POLARSSL_ERR_ASN1_UNEXPECTED_TAG )
00673 ret = asn1_get_int( p, end_ext_octet, &is_cacert );
00674
00675 if( ret != 0 )
00676 return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS | ret );
00677
00678 if( is_cacert != 0 )
00679 is_cacert = 1;
00680 }
00681
00682 if( *p == end_ext_octet )
00683 continue;
00684
00685 if( ( ret = asn1_get_int( p, end_ext_octet, max_pathlen ) ) != 0 )
00686 return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS | ret );
00687
00688 if( *p != end_ext_octet )
00689 return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS |
00690 POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
00691
00692 max_pathlen++;
00693 }
00694
00695 if( *p != end )
00696 return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS |
00697 POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
00698
00699 *ca_istrue = is_critical & is_cacert;
00700
00701 return( 0 );
00702 }
00703
00704
00705
00706
00707 static int x509_get_entries( unsigned char **p,
00708 unsigned char *end,
00709 x509_crl_entry *entry )
00710 {
00711 int ret, entry_len;
00712 x509_crl_entry *cur_entry = entry;
00713
00714 if( *p == end )
00715 return( 0 );
00716
00717 if( ( ret = asn1_get_tag( p, end, &entry_len,
00718 ASN1_SEQUENCE | ASN1_CONSTRUCTED ) ) != 0 )
00719 {
00720 if( ret == POLARSSL_ERR_ASN1_UNEXPECTED_TAG )
00721 return( 0 );
00722
00723 return( ret );
00724 }
00725
00726 end = *p + entry_len;
00727
00728 while( *p < end )
00729 {
00730 int len2;
00731
00732 if( ( ret = asn1_get_tag( p, end, &len2,
00733 ASN1_SEQUENCE | ASN1_CONSTRUCTED ) ) != 0 )
00734 {
00735 return( ret );
00736 }
00737
00738 cur_entry->raw.tag = **p;
00739 cur_entry->raw.p = *p;
00740 cur_entry->raw.len = len2;
00741
00742 if( ( ret = x509_get_serial( p, end, &cur_entry->serial ) ) != 0 )
00743 return( ret );
00744
00745 if( ( ret = x509_get_UTCTime( p, end, &cur_entry->revocation_date ) ) != 0 )
00746 return( ret );
00747
00748 if( ( ret = x509_get_crl_ext( p, end, &cur_entry->entry_ext ) ) != 0 )
00749 return( ret );
00750
00751 if ( *p < end ) {
00752 cur_entry->next = malloc( sizeof( x509_crl_entry ) );
00753 cur_entry = cur_entry->next;
00754 memset( cur_entry, 0, sizeof( x509_crl_entry ) );
00755 }
00756 }
00757
00758 return( 0 );
00759 }
00760
00761
00762
00763
00764 int x509parse_crt( x509_cert *chain, unsigned char *buf, int buflen )
00765 {
00766 int ret, len;
00767 unsigned char *s1, *s2;
00768 unsigned char *p, *end;
00769 x509_cert *crt;
00770
00771 crt = chain;
00772
00773
00774
00775
00776 if( crt == NULL || buf == NULL )
00777 return( 1 );
00778
00779 while( crt->version != 0 && crt->next != NULL )
00780 crt = crt->next;
00781
00782
00783
00784
00785 if ( crt->version != 0 && crt->next == NULL)
00786 {
00787 crt->next = (x509_cert *) malloc( sizeof( x509_cert ) );
00788
00789 if( crt->next == NULL )
00790 {
00791 x509_free( crt );
00792 return( 1 );
00793 }
00794
00795 crt = crt->next;
00796 memset( crt, 0, sizeof( x509_cert ) );
00797 }
00798
00799
00800
00801
00802 s1 = (unsigned char *) strstr( (char *) buf,
00803 "-----BEGIN CERTIFICATE-----" );
00804
00805 if( s1 != NULL )
00806 {
00807 s2 = (unsigned char *) strstr( (char *) buf,
00808 "-----END CERTIFICATE-----" );
00809
00810 if( s2 == NULL || s2 <= s1 )
00811 return( POLARSSL_ERR_X509_CERT_INVALID_PEM );
00812
00813 s1 += 27;
00814 if( *s1 == '\r' ) s1++;
00815 if( *s1 == '\n' ) s1++;
00816 else return( POLARSSL_ERR_X509_CERT_INVALID_PEM );
00817
00818
00819
00820
00821 len = 0;
00822 ret = base64_decode( NULL, &len, s1, s2 - s1 );
00823
00824 if( ret == POLARSSL_ERR_BASE64_INVALID_CHARACTER )
00825 return( POLARSSL_ERR_X509_CERT_INVALID_PEM | ret );
00826
00827 if( ( p = (unsigned char *) malloc( len ) ) == NULL )
00828 return( 1 );
00829
00830 if( ( ret = base64_decode( p, &len, s1, s2 - s1 ) ) != 0 )
00831 {
00832 free( p );
00833 return( POLARSSL_ERR_X509_CERT_INVALID_PEM | ret );
00834 }
00835
00836
00837
00838
00839 s2 += 25;
00840 if( *s2 == '\r' ) s2++;
00841 if( *s2 == '\n' ) s2++;
00842 else
00843 {
00844 free( p );
00845 return( POLARSSL_ERR_X509_CERT_INVALID_PEM );
00846 }
00847
00848 buflen -= s2 - buf;
00849 buf = s2;
00850 }
00851 else
00852 {
00853
00854
00855
00856 p = (unsigned char *) malloc( len = buflen );
00857
00858 if( p == NULL )
00859 return( 1 );
00860
00861 memcpy( p, buf, buflen );
00862
00863 buflen = 0;
00864 }
00865
00866 crt->raw.p = p;
00867 crt->raw.len = len;
00868 end = p + len;
00869
00870
00871
00872
00873
00874
00875
00876 if( ( ret = asn1_get_tag( &p, end, &len,
00877 ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
00878 {
00879 x509_free( crt );
00880 return( POLARSSL_ERR_X509_CERT_INVALID_FORMAT );
00881 }
00882
00883 if( len != (int) ( end - p ) )
00884 {
00885 x509_free( crt );
00886 return( POLARSSL_ERR_X509_CERT_INVALID_FORMAT |
00887 POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
00888 }
00889
00890
00891
00892
00893 crt->tbs.p = p;
00894
00895 if( ( ret = asn1_get_tag( &p, end, &len,
00896 ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
00897 {
00898 x509_free( crt );
00899 return( POLARSSL_ERR_X509_CERT_INVALID_FORMAT | ret );
00900 }
00901
00902 end = p + len;
00903 crt->tbs.len = end - crt->tbs.p;
00904
00905
00906
00907
00908
00909
00910
00911
00912 if( ( ret = x509_get_version( &p, end, &crt->version ) ) != 0 ||
00913 ( ret = x509_get_serial( &p, end, &crt->serial ) ) != 0 ||
00914 ( ret = x509_get_alg( &p, end, &crt->sig_oid1 ) ) != 0 )
00915 {
00916 x509_free( crt );
00917 return( ret );
00918 }
00919
00920 crt->version++;
00921
00922 if( crt->version > 3 )
00923 {
00924 x509_free( crt );
00925 return( POLARSSL_ERR_X509_CERT_UNKNOWN_VERSION );
00926 }
00927
00928 if( crt->sig_oid1.len != 9 ||
00929 memcmp( crt->sig_oid1.p, OID_PKCS1, 8 ) != 0 )
00930 {
00931 x509_free( crt );
00932 return( POLARSSL_ERR_X509_CERT_UNKNOWN_SIG_ALG );
00933 }
00934
00935 if( crt->sig_oid1.p[8] < 2 ||
00936 ( crt->sig_oid1.p[8] > 5 && crt->sig_oid1.p[8] < 11 ) ||
00937 crt->sig_oid1.p[8] > 14 )
00938 {
00939 x509_free( crt );
00940 return( POLARSSL_ERR_X509_CERT_UNKNOWN_SIG_ALG );
00941 }
00942
00943
00944
00945
00946 crt->issuer_raw.p = p;
00947
00948 if( ( ret = asn1_get_tag( &p, end, &len,
00949 ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
00950 {
00951 x509_free( crt );
00952 return( POLARSSL_ERR_X509_CERT_INVALID_FORMAT | ret );
00953 }
00954
00955 if( ( ret = x509_get_name( &p, p + len, &crt->issuer ) ) != 0 )
00956 {
00957 x509_free( crt );
00958 return( ret );
00959 }
00960
00961 crt->issuer_raw.len = p - crt->issuer_raw.p;
00962
00963
00964
00965
00966
00967
00968
00969 if( ( ret = x509_get_dates( &p, end, &crt->valid_from,
00970 &crt->valid_to ) ) != 0 )
00971 {
00972 x509_free( crt );
00973 return( ret );
00974 }
00975
00976
00977
00978
00979 crt->subject_raw.p = p;
00980
00981 if( ( ret = asn1_get_tag( &p, end, &len,
00982 ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
00983 {
00984 x509_free( crt );
00985 return( POLARSSL_ERR_X509_CERT_INVALID_FORMAT | ret );
00986 }
00987
00988 if( ( ret = x509_get_name( &p, p + len, &crt->subject ) ) != 0 )
00989 {
00990 x509_free( crt );
00991 return( ret );
00992 }
00993
00994 crt->subject_raw.len = p - crt->subject_raw.p;
00995
00996
00997
00998
00999
01000
01001 if( ( ret = asn1_get_tag( &p, end, &len,
01002 ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
01003 {
01004 x509_free( crt );
01005 return( POLARSSL_ERR_X509_CERT_INVALID_FORMAT | ret );
01006 }
01007
01008 if( ( ret = x509_get_pubkey( &p, p + len, &crt->pk_oid,
01009 &crt->rsa.N, &crt->rsa.E ) ) != 0 )
01010 {
01011 x509_free( crt );
01012 return( ret );
01013 }
01014
01015 if( ( ret = rsa_check_pubkey( &crt->rsa ) ) != 0 )
01016 {
01017 x509_free( crt );
01018 return( ret );
01019 }
01020
01021 crt->rsa.len = mpi_size( &crt->rsa.N );
01022
01023
01024
01025
01026
01027
01028
01029
01030
01031 if( crt->version == 2 || crt->version == 3 )
01032 {
01033 ret = x509_get_uid( &p, end, &crt->issuer_id, 1 );
01034 if( ret != 0 )
01035 {
01036 x509_free( crt );
01037 return( ret );
01038 }
01039 }
01040
01041 if( crt->version == 2 || crt->version == 3 )
01042 {
01043 ret = x509_get_uid( &p, end, &crt->subject_id, 2 );
01044 if( ret != 0 )
01045 {
01046 x509_free( crt );
01047 return( ret );
01048 }
01049 }
01050
01051 if( crt->version == 3 )
01052 {
01053 ret = x509_get_crt_ext( &p, end, &crt->v3_ext,
01054 &crt->ca_istrue, &crt->max_pathlen );
01055 if( ret != 0 )
01056 {
01057 x509_free( crt );
01058 return( ret );
01059 }
01060 }
01061
01062 if( p != end )
01063 {
01064 x509_free( crt );
01065 return( POLARSSL_ERR_X509_CERT_INVALID_FORMAT |
01066 POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
01067 }
01068
01069 end = crt->raw.p + crt->raw.len;
01070
01071
01072
01073
01074
01075 if( ( ret = x509_get_alg( &p, end, &crt->sig_oid2 ) ) != 0 )
01076 {
01077 x509_free( crt );
01078 return( ret );
01079 }
01080
01081 if( memcmp( crt->sig_oid1.p, crt->sig_oid2.p, crt->sig_oid1.len ) != 0 )
01082 {
01083 x509_free( crt );
01084 return( POLARSSL_ERR_X509_CERT_SIG_MISMATCH );
01085 }
01086
01087 if( ( ret = x509_get_sig( &p, end, &crt->sig ) ) != 0 )
01088 {
01089 x509_free( crt );
01090 return( ret );
01091 }
01092
01093 if( p != end )
01094 {
01095 x509_free( crt );
01096 return( POLARSSL_ERR_X509_CERT_INVALID_FORMAT |
01097 POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
01098 }
01099
01100 if( buflen > 0 )
01101 {
01102 crt->next = (x509_cert *) malloc( sizeof( x509_cert ) );
01103
01104 if( crt->next == NULL )
01105 {
01106 x509_free( crt );
01107 return( 1 );
01108 }
01109
01110 crt = crt->next;
01111 memset( crt, 0, sizeof( x509_cert ) );
01112
01113 return( x509parse_crt( crt, buf, buflen ) );
01114 }
01115
01116 return( 0 );
01117 }
01118
01119
01120
01121
01122 int x509parse_crl( x509_crl *chain, unsigned char *buf, int buflen )
01123 {
01124 int ret, len;
01125 unsigned char *s1, *s2;
01126 unsigned char *p, *end;
01127 x509_crl *crl;
01128
01129 crl = chain;
01130
01131
01132
01133
01134 if( crl == NULL || buf == NULL )
01135 return( 1 );
01136
01137 while( crl->version != 0 && crl->next != NULL )
01138 crl = crl->next;
01139
01140
01141
01142
01143 if ( crl->version != 0 && crl->next == NULL)
01144 {
01145 crl->next = (x509_crl *) malloc( sizeof( x509_crl ) );
01146
01147 if( crl->next == NULL )
01148 {
01149 x509_crl_free( crl );
01150 return( 1 );
01151 }
01152
01153 crl = crl->next;
01154 memset( crl, 0, sizeof( x509_crl ) );
01155 }
01156
01157
01158
01159
01160 s1 = (unsigned char *) strstr( (char *) buf,
01161 "-----BEGIN X509 CRL-----" );
01162
01163 if( s1 != NULL )
01164 {
01165 s2 = (unsigned char *) strstr( (char *) buf,
01166 "-----END X509 CRL-----" );
01167
01168 if( s2 == NULL || s2 <= s1 )
01169 return( POLARSSL_ERR_X509_CERT_INVALID_PEM );
01170
01171 s1 += 24;
01172 if( *s1 == '\r' ) s1++;
01173 if( *s1 == '\n' ) s1++;
01174 else return( POLARSSL_ERR_X509_CERT_INVALID_PEM );
01175
01176
01177
01178
01179 len = 0;
01180 ret = base64_decode( NULL, &len, s1, s2 - s1 );
01181
01182 if( ret == POLARSSL_ERR_BASE64_INVALID_CHARACTER )
01183 return( POLARSSL_ERR_X509_CERT_INVALID_PEM | ret );
01184
01185 if( ( p = (unsigned char *) malloc( len ) ) == NULL )
01186 return( 1 );
01187
01188 if( ( ret = base64_decode( p, &len, s1, s2 - s1 ) ) != 0 )
01189 {
01190 free( p );
01191 return( POLARSSL_ERR_X509_CERT_INVALID_PEM | ret );
01192 }
01193
01194
01195
01196
01197 s2 += 22;
01198 if( *s2 == '\r' ) s2++;
01199 if( *s2 == '\n' ) s2++;
01200 else
01201 {
01202 free( p );
01203 return( POLARSSL_ERR_X509_CERT_INVALID_PEM );
01204 }
01205
01206 buflen -= s2 - buf;
01207 buf = s2;
01208 }
01209 else
01210 {
01211
01212
01213
01214 p = (unsigned char *) malloc( len = buflen );
01215
01216 if( p == NULL )
01217 return( 1 );
01218
01219 memcpy( p, buf, buflen );
01220
01221 buflen = 0;
01222 }
01223
01224 crl->raw.p = p;
01225 crl->raw.len = len;
01226 end = p + len;
01227
01228
01229
01230
01231
01232
01233
01234 if( ( ret = asn1_get_tag( &p, end, &len,
01235 ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
01236 {
01237 x509_crl_free( crl );
01238 return( POLARSSL_ERR_X509_CERT_INVALID_FORMAT );
01239 }
01240
01241 if( len != (int) ( end - p ) )
01242 {
01243 x509_crl_free( crl );
01244 return( POLARSSL_ERR_X509_CERT_INVALID_FORMAT |
01245 POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
01246 }
01247
01248
01249
01250
01251 crl->tbs.p = p;
01252
01253 if( ( ret = asn1_get_tag( &p, end, &len,
01254 ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
01255 {
01256 x509_crl_free( crl );
01257 return( POLARSSL_ERR_X509_CERT_INVALID_FORMAT | ret );
01258 }
01259
01260 end = p + len;
01261 crl->tbs.len = end - crl->tbs.p;
01262
01263
01264
01265
01266
01267
01268
01269 if( ( ret = x509_get_version( &p, end, &crl->version ) ) != 0 ||
01270 ( ret = x509_get_alg( &p, end, &crl->sig_oid1 ) ) != 0 )
01271 {
01272 x509_crl_free( crl );
01273 return( ret );
01274 }
01275
01276 crl->version++;
01277
01278 if( crl->version > 2 )
01279 {
01280 x509_crl_free( crl );
01281 return( POLARSSL_ERR_X509_CERT_UNKNOWN_VERSION );
01282 }
01283
01284 if( crl->sig_oid1.len != 9 ||
01285 memcmp( crl->sig_oid1.p, OID_PKCS1, 8 ) != 0 )
01286 {
01287 x509_crl_free( crl );
01288 return( POLARSSL_ERR_X509_CERT_UNKNOWN_SIG_ALG );
01289 }
01290
01291 if( crl->sig_oid1.p[8] < 2 ||
01292 ( crl->sig_oid1.p[8] > 5 && crl->sig_oid1.p[8] < 11 ) ||
01293 crl->sig_oid1.p[8] > 14 )
01294 {
01295 x509_crl_free( crl );
01296 return( POLARSSL_ERR_X509_CERT_UNKNOWN_SIG_ALG );
01297 }
01298
01299
01300
01301
01302 crl->issuer_raw.p = p;
01303
01304 if( ( ret = asn1_get_tag( &p, end, &len,
01305 ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
01306 {
01307 x509_crl_free( crl );
01308 return( POLARSSL_ERR_X509_CERT_INVALID_FORMAT | ret );
01309 }
01310
01311 if( ( ret = x509_get_name( &p, p + len, &crl->issuer ) ) != 0 )
01312 {
01313 x509_crl_free( crl );
01314 return( ret );
01315 }
01316
01317 crl->issuer_raw.len = p - crl->issuer_raw.p;
01318
01319
01320
01321
01322
01323 if( ( ret = x509_get_UTCTime( &p, end, &crl->this_update ) ) != 0 )
01324 {
01325 x509_crl_free( crl );
01326 return( ret );
01327 }
01328
01329 if( ( ret = x509_get_UTCTime( &p, end, &crl->next_update ) ) != 0 )
01330 {
01331 if ( ret != ( POLARSSL_ERR_X509_CERT_INVALID_DATE |
01332 POLARSSL_ERR_ASN1_UNEXPECTED_TAG ) &&
01333 ret != ( POLARSSL_ERR_X509_CERT_INVALID_DATE |
01334 POLARSSL_ERR_ASN1_OUT_OF_DATA ) )
01335 {
01336 x509_crl_free( crl );
01337 return( ret );
01338 }
01339 }
01340
01341
01342
01343
01344
01345
01346
01347
01348
01349 if( ( ret = x509_get_entries( &p, end, &crl->entry ) ) != 0 )
01350 {
01351 x509_crl_free( crl );
01352 return( ret );
01353 }
01354
01355
01356
01357
01358
01359 if( crl->version == 2 )
01360 {
01361 ret = x509_get_crl_ext( &p, end, &crl->crl_ext );
01362
01363 if( ret != 0 )
01364 {
01365 x509_crl_free( crl );
01366 return( ret );
01367 }
01368 }
01369
01370 if( p != end )
01371 {
01372 x509_crl_free( crl );
01373 return( POLARSSL_ERR_X509_CERT_INVALID_FORMAT |
01374 POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
01375 }
01376
01377 end = crl->raw.p + crl->raw.len;
01378
01379
01380
01381
01382
01383 if( ( ret = x509_get_alg( &p, end, &crl->sig_oid2 ) ) != 0 )
01384 {
01385 x509_crl_free( crl );
01386 return( ret );
01387 }
01388
01389 if( memcmp( crl->sig_oid1.p, crl->sig_oid2.p, crl->sig_oid1.len ) != 0 )
01390 {
01391 x509_crl_free( crl );
01392 return( POLARSSL_ERR_X509_CERT_SIG_MISMATCH );
01393 }
01394
01395 if( ( ret = x509_get_sig( &p, end, &crl->sig ) ) != 0 )
01396 {
01397 x509_crl_free( crl );
01398 return( ret );
01399 }
01400
01401 if( p != end )
01402 {
01403 x509_crl_free( crl );
01404 return( POLARSSL_ERR_X509_CERT_INVALID_FORMAT |
01405 POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
01406 }
01407
01408 if( buflen > 0 )
01409 {
01410 crl->next = (x509_crl *) malloc( sizeof( x509_crl ) );
01411
01412 if( crl->next == NULL )
01413 {
01414 x509_crl_free( crl );
01415 return( 1 );
01416 }
01417
01418 crl = crl->next;
01419 memset( crl, 0, sizeof( x509_crl ) );
01420
01421 return( x509parse_crl( crl, buf, buflen ) );
01422 }
01423
01424 return( 0 );
01425 }
01426
01427
01428
01429
01430 int load_file( char *path, unsigned char **buf, size_t *n )
01431 {
01432 FILE *f;
01433
01434 if( ( f = fopen( path, "rb" ) ) == NULL )
01435 return( 1 );
01436
01437 fseek( f, 0, SEEK_END );
01438 *n = (size_t) ftell( f );
01439 fseek( f, 0, SEEK_SET );
01440
01441 if( ( *buf = (unsigned char *) malloc( *n + 1 ) ) == NULL )
01442 return( 1 );
01443
01444 if( fread( *buf, 1, *n, f ) != *n )
01445 {
01446 fclose( f );
01447 free( *buf );
01448 return( 1 );
01449 }
01450
01451 fclose( f );
01452
01453 (*buf)[*n] = '\0';
01454
01455 return( 0 );
01456 }
01457
01458
01459
01460
01461 int x509parse_crtfile( x509_cert *chain, char *path )
01462 {
01463 int ret;
01464 size_t n;
01465 unsigned char *buf;
01466
01467 if ( load_file( path, &buf, &n ) )
01468 return( 1 );
01469
01470 ret = x509parse_crt( chain, buf, (int) n );
01471
01472 memset( buf, 0, n + 1 );
01473 free( buf );
01474
01475 return( ret );
01476 }
01477
01478
01479
01480
01481 int x509parse_crlfile( x509_crl *chain, char *path )
01482 {
01483 int ret;
01484 size_t n;
01485 unsigned char *buf;
01486
01487 if ( load_file( path, &buf, &n ) )
01488 return( 1 );
01489
01490 ret = x509parse_crl( chain, buf, (int) n );
01491
01492 memset( buf, 0, n + 1 );
01493 free( buf );
01494
01495 return( ret );
01496 }
01497
01498 #if defined(POLARSSL_DES_C) && defined(POLARSSL_MD5_C)
01499
01500
01501
01502 static int x509_get_iv( unsigned char *s, unsigned char iv[8] )
01503 {
01504 int i, j, k;
01505
01506 memset( iv, 0, 8 );
01507
01508 for( i = 0; i < 16; i++, s++ )
01509 {
01510 if( *s >= '0' && *s <= '9' ) j = *s - '0'; else
01511 if( *s >= 'A' && *s <= 'F' ) j = *s - '7'; else
01512 if( *s >= 'a' && *s <= 'f' ) j = *s - 'W'; else
01513 return( POLARSSL_ERR_X509_KEY_INVALID_ENC_IV );
01514
01515 k = ( ( i & 1 ) != 0 ) ? j : j << 4;
01516
01517 iv[i >> 1] = (unsigned char)( iv[i >> 1] | k );
01518 }
01519
01520 return( 0 );
01521 }
01522
01523
01524
01525
01526 static void x509_des3_decrypt( unsigned char des3_iv[8],
01527 unsigned char *buf, int buflen,
01528 unsigned char *pwd, int pwdlen )
01529 {
01530 md5_context md5_ctx;
01531 des3_context des3_ctx;
01532 unsigned char md5sum[16];
01533 unsigned char des3_key[24];
01534
01535
01536
01537
01538
01539 md5_starts( &md5_ctx );
01540 md5_update( &md5_ctx, pwd, pwdlen );
01541 md5_update( &md5_ctx, des3_iv, 8 );
01542 md5_finish( &md5_ctx, md5sum );
01543 memcpy( des3_key, md5sum, 16 );
01544
01545 md5_starts( &md5_ctx );
01546 md5_update( &md5_ctx, md5sum, 16 );
01547 md5_update( &md5_ctx, pwd, pwdlen );
01548 md5_update( &md5_ctx, des3_iv, 8 );
01549 md5_finish( &md5_ctx, md5sum );
01550 memcpy( des3_key + 16, md5sum, 8 );
01551
01552 des3_set3key_dec( &des3_ctx, des3_key );
01553 des3_crypt_cbc( &des3_ctx, DES_DECRYPT, buflen,
01554 des3_iv, buf, buf );
01555
01556 memset( &md5_ctx, 0, sizeof( md5_ctx ) );
01557 memset( &des3_ctx, 0, sizeof( des3_ctx ) );
01558 memset( md5sum, 0, 16 );
01559 memset( des3_key, 0, 24 );
01560 }
01561 #endif
01562
01563
01564
01565
01566 int x509parse_key( rsa_context *rsa, unsigned char *buf, int buflen,
01567 unsigned char *pwd, int pwdlen )
01568 {
01569 int ret, len, enc;
01570 unsigned char *s1, *s2;
01571 unsigned char *p, *end;
01572 #if defined(POLARSSL_DES_C) && defined(POLARSSL_MD5_C)
01573 unsigned char des3_iv[8];
01574 #else
01575 ((void) pwd);
01576 ((void) pwdlen);
01577 #endif
01578
01579 s1 = (unsigned char *) strstr( (char *) buf,
01580 "-----BEGIN RSA PRIVATE KEY-----" );
01581
01582 if( s1 != NULL )
01583 {
01584 s2 = (unsigned char *) strstr( (char *) buf,
01585 "-----END RSA PRIVATE KEY-----" );
01586
01587 if( s2 == NULL || s2 <= s1 )
01588 return( POLARSSL_ERR_X509_KEY_INVALID_PEM );
01589
01590 s1 += 31;
01591 if( *s1 == '\r' ) s1++;
01592 if( *s1 == '\n' ) s1++;
01593 else return( POLARSSL_ERR_X509_KEY_INVALID_PEM );
01594
01595 enc = 0;
01596
01597 if( memcmp( s1, "Proc-Type: 4,ENCRYPTED", 22 ) == 0 )
01598 {
01599 #if defined(POLARSSL_DES_C) && defined(POLARSSL_MD5_C)
01600 enc++;
01601
01602 s1 += 22;
01603 if( *s1 == '\r' ) s1++;
01604 if( *s1 == '\n' ) s1++;
01605 else return( POLARSSL_ERR_X509_KEY_INVALID_PEM );
01606
01607 if( memcmp( s1, "DEK-Info: DES-EDE3-CBC,", 23 ) != 0 )
01608 return( POLARSSL_ERR_X509_KEY_UNKNOWN_ENC_ALG );
01609
01610 s1 += 23;
01611 if( x509_get_iv( s1, des3_iv ) != 0 )
01612 return( POLARSSL_ERR_X509_KEY_INVALID_ENC_IV );
01613
01614 s1 += 16;
01615 if( *s1 == '\r' ) s1++;
01616 if( *s1 == '\n' ) s1++;
01617 else return( POLARSSL_ERR_X509_KEY_INVALID_PEM );
01618 #else
01619 return( POLARSSL_ERR_X509_FEATURE_UNAVAILABLE );
01620 #endif
01621 }
01622
01623 len = 0;
01624 ret = base64_decode( NULL, &len, s1, s2 - s1 );
01625
01626 if( ret == POLARSSL_ERR_BASE64_INVALID_CHARACTER )
01627 return( ret | POLARSSL_ERR_X509_KEY_INVALID_PEM );
01628
01629 if( ( buf = (unsigned char *) malloc( len ) ) == NULL )
01630 return( 1 );
01631
01632 if( ( ret = base64_decode( buf, &len, s1, s2 - s1 ) ) != 0 )
01633 {
01634 free( buf );
01635 return( ret | POLARSSL_ERR_X509_KEY_INVALID_PEM );
01636 }
01637
01638 buflen = len;
01639
01640 if( enc != 0 )
01641 {
01642 #if defined(POLARSSL_DES_C) && defined(POLARSSL_MD5_C)
01643 if( pwd == NULL )
01644 {
01645 free( buf );
01646 return( POLARSSL_ERR_X509_KEY_PASSWORD_REQUIRED );
01647 }
01648
01649 x509_des3_decrypt( des3_iv, buf, buflen, pwd, pwdlen );
01650
01651 if( buf[0] != 0x30 || buf[1] != 0x82 ||
01652 buf[4] != 0x02 || buf[5] != 0x01 )
01653 {
01654 free( buf );
01655 return( POLARSSL_ERR_X509_KEY_PASSWORD_MISMATCH );
01656 }
01657 #else
01658 return( POLARSSL_ERR_X509_FEATURE_UNAVAILABLE );
01659 #endif
01660 }
01661 }
01662
01663 memset( rsa, 0, sizeof( rsa_context ) );
01664
01665 p = buf;
01666 end = buf + buflen;
01667
01668
01669
01670
01671
01672
01673
01674
01675
01676
01677
01678
01679
01680
01681
01682 if( ( ret = asn1_get_tag( &p, end, &len,
01683 ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
01684 {
01685 if( s1 != NULL )
01686 free( buf );
01687
01688 rsa_free( rsa );
01689 return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT | ret );
01690 }
01691
01692 end = p + len;
01693
01694 if( ( ret = asn1_get_int( &p, end, &rsa->ver ) ) != 0 )
01695 {
01696 if( s1 != NULL )
01697 free( buf );
01698
01699 rsa_free( rsa );
01700 return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT | ret );
01701 }
01702
01703 if( rsa->ver != 0 )
01704 {
01705 if( s1 != NULL )
01706 free( buf );
01707
01708 rsa_free( rsa );
01709 return( ret | POLARSSL_ERR_X509_KEY_INVALID_VERSION );
01710 }
01711
01712 if( ( ret = asn1_get_mpi( &p, end, &rsa->N ) ) != 0 ||
01713 ( ret = asn1_get_mpi( &p, end, &rsa->E ) ) != 0 ||
01714 ( ret = asn1_get_mpi( &p, end, &rsa->D ) ) != 0 ||
01715 ( ret = asn1_get_mpi( &p, end, &rsa->P ) ) != 0 ||
01716 ( ret = asn1_get_mpi( &p, end, &rsa->Q ) ) != 0 ||
01717 ( ret = asn1_get_mpi( &p, end, &rsa->DP ) ) != 0 ||
01718 ( ret = asn1_get_mpi( &p, end, &rsa->DQ ) ) != 0 ||
01719 ( ret = asn1_get_mpi( &p, end, &rsa->QP ) ) != 0 )
01720 {
01721 if( s1 != NULL )
01722 free( buf );
01723
01724 rsa_free( rsa );
01725 return( ret | POLARSSL_ERR_X509_KEY_INVALID_FORMAT );
01726 }
01727
01728 rsa->len = mpi_size( &rsa->N );
01729
01730 if( p != end )
01731 {
01732 if( s1 != NULL )
01733 free( buf );
01734
01735 rsa_free( rsa );
01736 return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT |
01737 POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
01738 }
01739
01740 if( ( ret = rsa_check_privkey( rsa ) ) != 0 )
01741 {
01742 if( s1 != NULL )
01743 free( buf );
01744
01745 rsa_free( rsa );
01746 return( ret );
01747 }
01748
01749 if( s1 != NULL )
01750 free( buf );
01751
01752 return( 0 );
01753 }
01754
01755
01756
01757
01758 int x509parse_keyfile( rsa_context *rsa, char *path, char *pwd )
01759 {
01760 int ret;
01761 size_t n;
01762 unsigned char *buf;
01763
01764 if ( load_file( path, &buf, &n ) )
01765 return( 1 );
01766
01767 if( pwd == NULL )
01768 ret = x509parse_key( rsa, buf, (int) n, NULL, 0 );
01769 else
01770 ret = x509parse_key( rsa, buf, (int) n,
01771 (unsigned char *) pwd, strlen( pwd ) );
01772
01773 memset( buf, 0, n + 1 );
01774 free( buf );
01775
01776 return( ret );
01777 }
01778
01779 #if defined _MSC_VER && !defined snprintf
01780 #include <stdarg.h>
01781
01782 #if !defined vsnprintf
01783 #define vsnprintf _vsnprintf
01784 #endif // vsnprintf
01785
01786
01787
01788
01789
01790
01791
01792
01793 int compat_snprintf(char *str, size_t size, const char *format, ...)
01794 {
01795 va_list ap;
01796 int res = -1;
01797
01798 va_start( ap, format );
01799
01800 res = vsnprintf( str, size, format, ap );
01801
01802 va_end( ap );
01803
01804
01805 if ( res < 0 )
01806 return( size + 20 );
01807
01808 return res;
01809 }
01810
01811 #define snprintf compat_snprintf
01812 #endif
01813
01814 #define POLARSSL_ERR_DEBUG_BUF_TOO_SMALL -2
01815
01816 #define SAFE_SNPRINTF() \
01817 { \
01818 if( ret == -1 ) \
01819 return( -1 ); \
01820 \
01821 if ( ret > n ) { \
01822 p[n - 1] = '\0'; \
01823 return POLARSSL_ERR_DEBUG_BUF_TOO_SMALL;\
01824 } \
01825 \
01826 n -= ret; \
01827 p += ret; \
01828 }
01829
01830
01831
01832
01833
01834 int x509parse_dn_gets( char *buf, size_t size, x509_name *dn )
01835 {
01836 int i, ret, n;
01837 unsigned char c;
01838 x509_name *name;
01839 char s[128], *p;
01840
01841 memset( s, 0, sizeof( s ) );
01842
01843 name = dn;
01844 p = buf;
01845 n = size;
01846
01847 while( name != NULL )
01848 {
01849 if( name != dn ) {
01850 ret = snprintf( p, n, ", " );
01851 SAFE_SNPRINTF();
01852 }
01853
01854 if( memcmp( name->oid.p, OID_X520, 2 ) == 0 )
01855 {
01856 switch( name->oid.p[2] )
01857 {
01858 case X520_COMMON_NAME:
01859 ret = snprintf( p, n, "CN=" ); break;
01860
01861 case X520_COUNTRY:
01862 ret = snprintf( p, n, "C=" ); break;
01863
01864 case X520_LOCALITY:
01865 ret = snprintf( p, n, "L=" ); break;
01866
01867 case X520_STATE:
01868 ret = snprintf( p, n, "ST=" ); break;
01869
01870 case X520_ORGANIZATION:
01871 ret = snprintf( p, n, "O=" ); break;
01872
01873 case X520_ORG_UNIT:
01874 ret = snprintf( p, n, "OU=" ); break;
01875
01876 default:
01877 ret = snprintf( p, n, "0x%02X=",
01878 name->oid.p[2] );
01879 break;
01880 }
01881 SAFE_SNPRINTF();
01882 }
01883 else if( memcmp( name->oid.p, OID_PKCS9, 8 ) == 0 )
01884 {
01885 switch( name->oid.p[8] )
01886 {
01887 case PKCS9_EMAIL:
01888 ret = snprintf( p, n, "emailAddress=" ); break;
01889
01890 default:
01891 ret = snprintf( p, n, "0x%02X=",
01892 name->oid.p[8] );
01893 break;
01894 }
01895 SAFE_SNPRINTF();
01896 }
01897 else
01898 {
01899 ret = snprintf( p, n, "\?\?=" );
01900 SAFE_SNPRINTF();
01901 }
01902
01903 for( i = 0; i < name->val.len; i++ )
01904 {
01905 if( i >= (int) sizeof( s ) - 1 )
01906 break;
01907
01908 c = name->val.p[i];
01909 if( c < 32 || c == 127 || ( c > 128 && c < 160 ) )
01910 s[i] = '?';
01911 else s[i] = c;
01912 }
01913 s[i] = '\0';
01914 ret = snprintf( p, n, "%s", s );
01915 SAFE_SNPRINTF();
01916 name = name->next;
01917 }
01918
01919 return( size - n );
01920 }
01921
01922
01923
01924
01925 int x509parse_cert_info( char *buf, size_t size, char *prefix, x509_cert *crt )
01926 {
01927 int i, n, nr, ret;
01928 char *p;
01929
01930 p = buf;
01931 n = size;
01932
01933 ret = snprintf( p, n, "%scert. version : %d\n",
01934 prefix, crt->version );
01935 SAFE_SNPRINTF();
01936 ret = snprintf( p, n, "%sserial number : ",
01937 prefix );
01938 SAFE_SNPRINTF();
01939
01940 nr = ( crt->serial.len <= 32 )
01941 ? crt->serial.len : 32;
01942
01943 for( i = 0; i < nr; i++ )
01944 {
01945 ret = snprintf( p, n, "%02X%s",
01946 crt->serial.p[i], ( i < nr - 1 ) ? ":" : "" );
01947 SAFE_SNPRINTF();
01948 }
01949
01950 ret = snprintf( p, n, "\n%sissuer name : ", prefix );
01951 SAFE_SNPRINTF();
01952 ret = x509parse_dn_gets( p, n, &crt->issuer );
01953 SAFE_SNPRINTF();
01954
01955 ret = snprintf( p, n, "\n%ssubject name : ", prefix );
01956 SAFE_SNPRINTF();
01957 ret = x509parse_dn_gets( p, n, &crt->subject );
01958 SAFE_SNPRINTF();
01959
01960 ret = snprintf( p, n, "\n%sissued on : " \
01961 "%04d-%02d-%02d %02d:%02d:%02d", prefix,
01962 crt->valid_from.year, crt->valid_from.mon,
01963 crt->valid_from.day, crt->valid_from.hour,
01964 crt->valid_from.min, crt->valid_from.sec );
01965 SAFE_SNPRINTF();
01966
01967 ret = snprintf( p, n, "\n%sexpires on : " \
01968 "%04d-%02d-%02d %02d:%02d:%02d", prefix,
01969 crt->valid_to.year, crt->valid_to.mon,
01970 crt->valid_to.day, crt->valid_to.hour,
01971 crt->valid_to.min, crt->valid_to.sec );
01972 SAFE_SNPRINTF();
01973
01974 ret = snprintf( p, n, "\n%ssigned using : RSA+", prefix );
01975 SAFE_SNPRINTF();
01976
01977 switch( crt->sig_oid1.p[8] )
01978 {
01979 case SIG_RSA_MD2 : ret = snprintf( p, n, "MD2" ); break;
01980 case SIG_RSA_MD4 : ret = snprintf( p, n, "MD4" ); break;
01981 case SIG_RSA_MD5 : ret = snprintf( p, n, "MD5" ); break;
01982 case SIG_RSA_SHA1 : ret = snprintf( p, n, "SHA1" ); break;
01983 case SIG_RSA_SHA224 : ret = snprintf( p, n, "SHA224" ); break;
01984 case SIG_RSA_SHA256 : ret = snprintf( p, n, "SHA256" ); break;
01985 case SIG_RSA_SHA384 : ret = snprintf( p, n, "SHA384" ); break;
01986 case SIG_RSA_SHA512 : ret = snprintf( p, n, "SHA512" ); break;
01987 default: ret = snprintf( p, n, "???" ); break;
01988 }
01989 SAFE_SNPRINTF();
01990
01991 ret = snprintf( p, n, "\n%sRSA key size : %d bits\n", prefix,
01992 crt->rsa.N.n * (int) sizeof( unsigned long ) * 8 );
01993 SAFE_SNPRINTF();
01994
01995 return( size - n );
01996 }
01997
01998
01999
02000
02001 int x509parse_crl_info( char *buf, size_t size, char *prefix, x509_crl *crl )
02002 {
02003 int i, n, nr, ret;
02004 char *p;
02005 x509_crl_entry *entry;
02006
02007 p = buf;
02008 n = size;
02009
02010 ret = snprintf( p, n, "%sCRL version : %d",
02011 prefix, crl->version );
02012 SAFE_SNPRINTF();
02013
02014 ret = snprintf( p, n, "\n%sissuer name : ", prefix );
02015 SAFE_SNPRINTF();
02016 ret = x509parse_dn_gets( p, n, &crl->issuer );
02017 SAFE_SNPRINTF();
02018
02019 ret = snprintf( p, n, "\n%sthis update : " \
02020 "%04d-%02d-%02d %02d:%02d:%02d", prefix,
02021 crl->this_update.year, crl->this_update.mon,
02022 crl->this_update.day, crl->this_update.hour,
02023 crl->this_update.min, crl->this_update.sec );
02024 SAFE_SNPRINTF();
02025
02026 ret = snprintf( p, n, "\n%snext update : " \
02027 "%04d-%02d-%02d %02d:%02d:%02d", prefix,
02028 crl->next_update.year, crl->next_update.mon,
02029 crl->next_update.day, crl->next_update.hour,
02030 crl->next_update.min, crl->next_update.sec );
02031 SAFE_SNPRINTF();
02032
02033 entry = &crl->entry;
02034
02035 ret = snprintf( p, n, "\n%sRevoked certificates:",
02036 prefix );
02037 SAFE_SNPRINTF();
02038
02039 while( entry != NULL && entry->raw.len != 0 )
02040 {
02041 ret = snprintf( p, n, "\n%sserial number: ",
02042 prefix );
02043 SAFE_SNPRINTF();
02044
02045 nr = ( entry->serial.len <= 32 )
02046 ? entry->serial.len : 32;
02047
02048 for( i = 0; i < nr; i++ ) {
02049 ret = snprintf( p, n, "%02X%s",
02050 entry->serial.p[i], ( i < nr - 1 ) ? ":" : "" );
02051 SAFE_SNPRINTF();
02052 }
02053
02054 ret = snprintf( p, n, " revocation date: " \
02055 "%04d-%02d-%02d %02d:%02d:%02d",
02056 entry->revocation_date.year, entry->revocation_date.mon,
02057 entry->revocation_date.day, entry->revocation_date.hour,
02058 entry->revocation_date.min, entry->revocation_date.sec );
02059 SAFE_SNPRINTF();
02060
02061 entry = entry->next;
02062 }
02063
02064 ret = snprintf( p, n, "\n%ssigned using : RSA+", prefix );
02065 SAFE_SNPRINTF();
02066
02067 switch( crl->sig_oid1.p[8] )
02068 {
02069 case SIG_RSA_MD2 : ret = snprintf( p, n, "MD2" ); break;
02070 case SIG_RSA_MD4 : ret = snprintf( p, n, "MD4" ); break;
02071 case SIG_RSA_MD5 : ret = snprintf( p, n, "MD5" ); break;
02072 case SIG_RSA_SHA1 : ret = snprintf( p, n, "SHA1" ); break;
02073 case SIG_RSA_SHA224 : ret = snprintf( p, n, "SHA224" ); break;
02074 case SIG_RSA_SHA256 : ret = snprintf( p, n, "SHA256" ); break;
02075 case SIG_RSA_SHA384 : ret = snprintf( p, n, "SHA384" ); break;
02076 case SIG_RSA_SHA512 : ret = snprintf( p, n, "SHA512" ); break;
02077 default: ret = snprintf( p, n, "???" ); break;
02078 }
02079 SAFE_SNPRINTF();
02080
02081 ret = snprintf( p, n, "\n" );
02082 SAFE_SNPRINTF();
02083
02084 return( size - n );
02085 }
02086
02087
02088
02089
02090 int x509parse_time_expired( x509_time *to )
02091 {
02092 struct tm *lt;
02093 time_t tt;
02094
02095 tt = time( NULL );
02096 lt = localtime( &tt );
02097
02098 if( lt->tm_year > to->year - 1900 )
02099 return( 1 );
02100
02101 if( lt->tm_year == to->year - 1900 &&
02102 lt->tm_mon > to->mon - 1 )
02103 return( 1 );
02104
02105 if( lt->tm_year == to->year - 1900 &&
02106 lt->tm_mon == to->mon - 1 &&
02107 lt->tm_mday > to->day )
02108 return( 1 );
02109
02110 return( 0 );
02111 }
02112
02113
02114
02115
02116 int x509parse_revoked( x509_cert *crt, x509_crl *crl )
02117 {
02118 x509_crl_entry *cur = &crl->entry;
02119
02120 while( cur != NULL && cur->serial.len != 0 )
02121 {
02122 if( memcmp( crt->serial.p, cur->serial.p, crt->serial.len ) == 0 )
02123 {
02124 if( x509parse_time_expired( &cur->revocation_date ) )
02125 return( 1 );
02126 }
02127
02128 cur = cur->next;
02129 }
02130
02131 return( 0 );
02132 }
02133
02134
02135
02136
02137
02138
02139 static void x509_hash( unsigned char *in, int len, int alg,
02140 unsigned char *out )
02141 {
02142 switch( alg )
02143 {
02144 #if defined(POLARSSL_MD2_C)
02145 case SIG_RSA_MD2 : md2( in, len, out ); break;
02146 #endif
02147 #if defined(POLARSSL_MD4_C)
02148 case SIG_RSA_MD4 : md4( in, len, out ); break;
02149 #endif
02150 #if defined(POLARSSL_MD5_C)
02151 case SIG_RSA_MD5 : md5( in, len, out ); break;
02152 #endif
02153 #if defined(POLARSSL_SHA1_C)
02154 case SIG_RSA_SHA1 : sha1( in, len, out ); break;
02155 #endif
02156 #if defined(POLARSSL_SHA2_C)
02157 case SIG_RSA_SHA224 : sha2( in, len, out, 1 ); break;
02158 case SIG_RSA_SHA256 : sha2( in, len, out, 0 ); break;
02159 #endif
02160 #if defined(POLARSSL_SHA4_C)
02161 case SIG_RSA_SHA384 : sha4( in, len, out, 1 ); break;
02162 case SIG_RSA_SHA512 : sha4( in, len, out, 0 ); break;
02163 #endif
02164 default:
02165 memset( out, '\xFF', 64 );
02166 break;
02167 }
02168 }
02169
02170
02171
02172
02173 int x509parse_verify( x509_cert *crt,
02174 x509_cert *trust_ca,
02175 x509_crl *ca_crl,
02176 char *cn, int *flags )
02177 {
02178 int cn_len;
02179 int hash_id;
02180 int pathlen;
02181 x509_cert *cur;
02182 x509_name *name;
02183 unsigned char hash[64];
02184
02185 *flags = 0;
02186
02187 if( x509parse_time_expired( &crt->valid_to ) )
02188 *flags = BADCERT_EXPIRED;
02189
02190 if( cn != NULL )
02191 {
02192 name = &crt->subject;
02193 cn_len = strlen( cn );
02194
02195 while( name != NULL )
02196 {
02197 if( memcmp( name->oid.p, OID_CN, 3 ) == 0 &&
02198 memcmp( name->val.p, cn, cn_len ) == 0 &&
02199 name->val.len == cn_len )
02200 break;
02201
02202 name = name->next;
02203 }
02204
02205 if( name == NULL )
02206 *flags |= BADCERT_CN_MISMATCH;
02207 }
02208
02209 *flags |= BADCERT_NOT_TRUSTED;
02210
02211
02212
02213
02214
02215 cur = crt->next;
02216
02217 pathlen = 1;
02218
02219 while( cur != NULL && cur->version != 0 )
02220 {
02221 if( cur->ca_istrue == 0 ||
02222 crt->issuer_raw.len != cur->subject_raw.len ||
02223 memcmp( crt->issuer_raw.p, cur->subject_raw.p,
02224 crt->issuer_raw.len ) != 0 )
02225 {
02226 cur = cur->next;
02227 continue;
02228 }
02229
02230 hash_id = crt->sig_oid1.p[8];
02231
02232 x509_hash( crt->tbs.p, crt->tbs.len, hash_id, hash );
02233
02234 if( rsa_pkcs1_verify( &cur->rsa, RSA_PUBLIC, hash_id,
02235 0, hash, crt->sig.p ) != 0 )
02236 return( POLARSSL_ERR_X509_CERT_VERIFY_FAILED );
02237
02238 pathlen++;
02239
02240 crt = cur;
02241 cur = crt->next;
02242 }
02243
02244
02245
02246
02247 while( trust_ca != NULL && trust_ca->version != 0 )
02248 {
02249 if( crt->issuer_raw.len != trust_ca->subject_raw.len ||
02250 memcmp( crt->issuer_raw.p, trust_ca->subject_raw.p,
02251 crt->issuer_raw.len ) != 0 )
02252 {
02253 trust_ca = trust_ca->next;
02254 continue;
02255 }
02256
02257 if( trust_ca->max_pathlen > 0 &&
02258 trust_ca->max_pathlen < pathlen )
02259 break;
02260
02261 hash_id = crt->sig_oid1.p[8];
02262
02263 x509_hash( crt->tbs.p, crt->tbs.len, hash_id, hash );
02264
02265 if( rsa_pkcs1_verify( &trust_ca->rsa, RSA_PUBLIC, hash_id,
02266 0, hash, crt->sig.p ) == 0 )
02267 {
02268
02269
02270
02271 *flags &= ~BADCERT_NOT_TRUSTED;
02272 break;
02273 }
02274
02275 trust_ca = trust_ca->next;
02276 }
02277
02278
02279
02280
02281
02282
02283
02284
02285
02286
02287
02288 while( trust_ca != NULL && ca_crl != NULL && ca_crl->version != 0 )
02289 {
02290 if( ca_crl->issuer_raw.len != trust_ca->subject_raw.len ||
02291 memcmp( ca_crl->issuer_raw.p, trust_ca->subject_raw.p,
02292 ca_crl->issuer_raw.len ) != 0 )
02293 {
02294 ca_crl = ca_crl->next;
02295 continue;
02296 }
02297
02298
02299
02300
02301 hash_id = ca_crl->sig_oid1.p[8];
02302
02303 x509_hash( ca_crl->tbs.p, ca_crl->tbs.len, hash_id, hash );
02304
02305 if( !rsa_pkcs1_verify( &trust_ca->rsa, RSA_PUBLIC, hash_id,
02306 0, hash, ca_crl->sig.p ) == 0 )
02307 {
02308
02309
02310
02311 *flags |= BADCRL_NOT_TRUSTED;
02312 break;
02313 }
02314
02315
02316
02317
02318 if( x509parse_time_expired( &ca_crl->next_update ) )
02319 *flags |= BADCRL_EXPIRED;
02320
02321
02322
02323
02324 if( x509parse_revoked(crt, ca_crl) )
02325 {
02326 *flags |= BADCERT_REVOKED;
02327 break;
02328 }
02329
02330 ca_crl = ca_crl->next;
02331 }
02332
02333 if( *flags != 0 )
02334 return( POLARSSL_ERR_X509_CERT_VERIFY_FAILED );
02335
02336 return( 0 );
02337 }
02338
02339
02340
02341
02342 void x509_free( x509_cert *crt )
02343 {
02344 x509_cert *cert_cur = crt;
02345 x509_cert *cert_prv;
02346 x509_name *name_cur;
02347 x509_name *name_prv;
02348
02349 if( crt == NULL )
02350 return;
02351
02352 do
02353 {
02354 rsa_free( &cert_cur->rsa );
02355
02356 name_cur = cert_cur->issuer.next;
02357 while( name_cur != NULL )
02358 {
02359 name_prv = name_cur;
02360 name_cur = name_cur->next;
02361 memset( name_prv, 0, sizeof( x509_name ) );
02362 free( name_prv );
02363 }
02364
02365 name_cur = cert_cur->subject.next;
02366 while( name_cur != NULL )
02367 {
02368 name_prv = name_cur;
02369 name_cur = name_cur->next;
02370 memset( name_prv, 0, sizeof( x509_name ) );
02371 free( name_prv );
02372 }
02373
02374 if( cert_cur->raw.p != NULL )
02375 {
02376 memset( cert_cur->raw.p, 0, cert_cur->raw.len );
02377 free( cert_cur->raw.p );
02378 }
02379
02380 cert_cur = cert_cur->next;
02381 }
02382 while( cert_cur != NULL );
02383
02384 cert_cur = crt;
02385 do
02386 {
02387 cert_prv = cert_cur;
02388 cert_cur = cert_cur->next;
02389
02390 memset( cert_prv, 0, sizeof( x509_cert ) );
02391 if( cert_prv != crt )
02392 free( cert_prv );
02393 }
02394 while( cert_cur != NULL );
02395 }
02396
02397
02398
02399
02400 void x509_crl_free( x509_crl *crl )
02401 {
02402 x509_crl *crl_cur = crl;
02403 x509_crl *crl_prv;
02404 x509_name *name_cur;
02405 x509_name *name_prv;
02406 x509_crl_entry *entry_cur;
02407 x509_crl_entry *entry_prv;
02408
02409 if( crl == NULL )
02410 return;
02411
02412 do
02413 {
02414 name_cur = crl_cur->issuer.next;
02415 while( name_cur != NULL )
02416 {
02417 name_prv = name_cur;
02418 name_cur = name_cur->next;
02419 memset( name_prv, 0, sizeof( x509_name ) );
02420 free( name_prv );
02421 }
02422
02423 entry_cur = crl_cur->entry.next;
02424 while( entry_cur != NULL )
02425 {
02426 entry_prv = entry_cur;
02427 entry_cur = entry_cur->next;
02428 memset( entry_prv, 0, sizeof( x509_crl_entry ) );
02429 free( entry_prv );
02430 }
02431
02432 if( crl_cur->raw.p != NULL )
02433 {
02434 memset( crl_cur->raw.p, 0, crl_cur->raw.len );
02435 free( crl_cur->raw.p );
02436 }
02437
02438 crl_cur = crl_cur->next;
02439 }
02440 while( crl_cur != NULL );
02441
02442 crl_cur = crl;
02443 do
02444 {
02445 crl_prv = crl_cur;
02446 crl_cur = crl_cur->next;
02447
02448 memset( crl_prv, 0, sizeof( x509_crl ) );
02449 if( crl_prv != crl )
02450 free( crl_prv );
02451 }
02452 while( crl_cur != NULL );
02453 }
02454
02455 #if defined(POLARSSL_SELF_TEST)
02456
02457 #include "polarssl/certs.h"
02458
02459
02460
02461
02462 int x509_self_test( int verbose )
02463 {
02464 #if defined(POLARSSL_MD5_C)
02465 int ret, i, j;
02466 x509_cert cacert;
02467 x509_cert clicert;
02468 rsa_context rsa;
02469
02470 if( verbose != 0 )
02471 printf( " X.509 certificate load: " );
02472
02473 memset( &clicert, 0, sizeof( x509_cert ) );
02474
02475 ret = x509parse_crt( &clicert, (unsigned char *) test_cli_crt,
02476 strlen( test_cli_crt ) );
02477 if( ret != 0 )
02478 {
02479 if( verbose != 0 )
02480 printf( "failed\n" );
02481
02482 return( ret );
02483 }
02484
02485 memset( &cacert, 0, sizeof( x509_cert ) );
02486
02487 ret = x509parse_crt( &cacert, (unsigned char *) test_ca_crt,
02488 strlen( test_ca_crt ) );
02489 if( ret != 0 )
02490 {
02491 if( verbose != 0 )
02492 printf( "failed\n" );
02493
02494 return( ret );
02495 }
02496
02497 if( verbose != 0 )
02498 printf( "passed\n X.509 private key load: " );
02499
02500 i = strlen( test_ca_key );
02501 j = strlen( test_ca_pwd );
02502
02503 if( ( ret = x509parse_key( &rsa,
02504 (unsigned char *) test_ca_key, i,
02505 (unsigned char *) test_ca_pwd, j ) ) != 0 )
02506 {
02507 if( verbose != 0 )
02508 printf( "failed\n" );
02509
02510 return( ret );
02511 }
02512
02513 if( verbose != 0 )
02514 printf( "passed\n X.509 signature verify: ");
02515
02516 ret = x509parse_verify( &clicert, &cacert, NULL, "PolarSSL Client 2", &i );
02517 if( ret != 0 )
02518 {
02519 if( verbose != 0 )
02520 printf( "failed\n" );
02521
02522 return( ret );
02523 }
02524
02525 if( verbose != 0 )
02526 printf( "passed\n\n" );
02527
02528 x509_free( &cacert );
02529 x509_free( &clicert );
02530 rsa_free( &rsa );
02531
02532 return( 0 );
02533 #else
02534 ((void) verbose);
02535 return( POLARSSL_ERR_X509_FEATURE_UNAVAILABLE );
02536 #endif
02537 }
02538
02539 #endif
02540
02541 #endif